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1  Introduction 


Decidable  inference  relations  have  been  studied  from  a  variety  of  different 
directions  and  have  been  applied  in  a  variety  of  ways.  The  well-known  con¬ 
gruence  closure  algorithm  is  fundamentally  a  decision  procedure  for  the  in¬ 
ference  relation  defined  by  the  inference  rules  for  equality,  including  the  rule 
for  the  substitution  of  equals  for  equals  [Kozen,  1977],  [Downey  et  a/.,  1980], 
[Nelson  and  Oppen,  1980].  Congruence  closure  has  applications  in,  among 
other  things,  compilation  and  program  verification  [Downey  et  al.,  1980], 
[Nelson  and  Oppen,  1979].  Other  decidable  relations  have  played  a  role  in 
various  automated  inference  and  program  verification  systems  [Nelson  and 
Oppen,  1980],  [Constable  and  Eichenlaub,  1982],  [Shostak,  1984].  Decid¬ 
able  inference  relations  also  play  a  central  role  in  strongly  typed  computer 
programming  languages  [Milner,  1978]  where  the  types  of  program  expres¬ 
sions  are  defined  by  inference  rules  for  deriving  types.  In  most  practiced  type 
systems  the  inference  rules  for  deriving  types  yield  a  decidable  relation. 

In  light  of  the  attention  that  has  already  been  given  to  particular  decid¬ 
able  inference  relations,  a  general  theory  of  decidable  relations  would  seem  to 
have  wide  applications.  This  paper  investigates  a  certain  class  of  polynomial¬ 
time  decidable  inference  relations  called  local  relations.  Locality  is  an  easily 
defined  property  of  a  set  of  inference  rules  which  guarantees  that  the  inference 
relation  generated  by  those  rules  is  polynomial  time  decidable.  Although  lo¬ 
cality  is  easily  defined,  determining  whether  a  given  set  of  inference  rules  is 
local  can  be  difficult  —  it  is  not  currently  known  whether  locality  itself  is 
decidable.  However,  it  is  possible  to  construct  a  procedure  for  automatically 
recognizing  a  certain  subclass  of  local  relations. 


The  best  known  example  of  a  local  rule  set  is  the  set  of  rules  for  equality 
that  underlies  the  congruence  closure  procedure.  The  method  given  here 
for  automatically  recognizing  certain  local  rule  sets  can  be  used  to  machine 

verify  a  theorem  given  in  [Kozen,  1977],  [Shostack,  1978],  and  [Nelson  and - 

Oppen,  1980]  concerning  the  equality  rule  set.  Additional  examples  of  local  _  yC 

rule  sets  are  given  below  which  support  the  conjecture  that  non-trivial  local 
rule  sets  are  quite  common. 


The  technical  notion  of  locality  presented  in  this  paper  underlies  a  general 
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approach  to  the  construction  of  semi- automated  verification  systems  for  ar¬ 
bitrary  first  order  reasoning.  Consider  a  sound  and  complete  set  of  inference 
rules  for  first  order  logic.  These  rules  can  be  separated  into  local  and  in¬ 
tractable  rules.  The  local  rule  set  defines  a  notion  of  an  “obvious”  inference. 
A  “high-level  proof”  is  a  proof  in  which  the  individual  steps  are  obvious  in 
this  sense.  The  amount  of  detail  that  must  be  explicitly  given  in  high-level 
proofs  is  determined  by  the  power  of  the  local  rule  set  —  powerful  local  rules 
yield  more  concise  high-level  proofs.  Clearly,  one  would  like  the  local  rule 
set  to  be  as  powerful  as  possible. 

Powerful  local  rule  sets  can  be  constructed  using  non-standard  syntax. 
There  are  many  different  languages,  with  non-standard  syntax  and  semantics, 
that  are  all  expressively  equivalent  to  first  order  predicate  calculus.  Each 
such  language  can  be  associated  with  sound  and  complete  inference  rules  — 
phrased  in  the  syntax  of  that  particular  language  —  and  these  rules  can  be 
separated  into  local  and  intractable  rules.  The  power  of  the  resulting  local 
rule  set  is  sensitive  the  original  choice  of  syntax  and  semantics.  It  seems  that 
syntactic  features  of  natural  languages  such  as  English  are  particularly  useful 
in  constructing  powerful  local  rule  sets.  The  fact  that  certain  syntactic  and 
semantic  constructions  yield  powerful  local  rule  sets  suggests  a  functional 
explanation  for  the  existence  of  those  constructions  in  human  language.  An 
example  of  a  local  natural  language  rule  set  is  given  in  section  7.  The  general 
approach  to  the  use  of  locality  in  constructing  high-level  proof  systems  is 
discussed  in  section  8. 

Hopefully,  the  notion  of  locality  described  in  this  paper  is  a  first  step 
toward  a  more  general  understanding  of  tractable  rule  sets.  Several  open 
technical  problems,  and  several  directions  for  further  research,  are  discussed 
at  the  end  of  the  paper.  A  better  understanding  of  tractable  inference  rela¬ 
tions  will  hopefully  result  in  an  improved  technology  for  the  construction  of 
semi-automated  verification  systems,  and  a  deeper  understanding  of  inference 
in  general. 
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Preliminary  Definitions 


This  paper  presents  a  general  procedure  for  recognizing  certain  cases  in  which 
a  set  of  inference  rules  generates  a  computationally  tractable  inference  rela¬ 
tion.  The  first  step  in  constructing  such  a  procedure  is  to  precisely  define 
the  notion  of  an  “inference  rule”.  Figure  1  gives  basic  inference  rules  for  the 
Boolean  connectives  -<  and  V.  In  these  rules  a  question  mark  in  front  of  a 
symbol  indicates  a  variable  that  can  be  replaced  by  different  expressions  in 
different  applications  of  the  rule.  Variables  in  inference  rules  will  be  called 
metavariables  to  distinguish  them  from  variables  of  the  underlying  language. 

Throughout  the  remainder  of  this  paper  we  let  B  (for  Boolean)  denote 
the  set  of  inference  rules  given  in  figure  1.  All  Boolean  expressions  can  be 
written  in  terms  of  the  two  universal  connectives  -»  and  V.  The  rule  set  B 
expresses  some,  but  not  all,  of  the  inferential  properties  of  these  connectives. 
The  rule  set  B  can  be  viewed  as  a  (somewhat  obscure)  characterization  of 
unit  resolution,  or  as  a  specification  of  the  Boolean  constraint  propagation 
mechanism  described  in  [McAllester,  1989].  The  inference  relation  generated 
by  these  rules  is  linear  time  decidable.  Yet,  if  the  above  inference  rules  are 
augmented  by  a  simple  case  analysis  sequent  rule  then  the  rules  become 
complete  for  Boolean  inference. 

As  another  example  of  a  set  of  inference  rules,  consider  the  following  rules 
for  equality. 


13 

?*  =  ?t 

16 

?*1  =  ?<! 

It  =  ?8 

?«„  =  ?«„ 

14 

It  =  ?t 

?/(?*!,...  ?S„)  =  ?/(?<!,. 

15 

?r  =  ?s 
?s  =  ?t 

?r  =  ?t 
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Figure  1:  A  tractable  set  of  Boolean  inference  rules 

The  rules  13, 14,  and  15  express  the  symmetry,  reflexivity,  and  transitivity 
properties  of  equality  respectively,  while  rule  16  expresses  the  substitutivity 
of  equals  for  equals.  It  is  well  known  that  congruence  closure  provides  a 
polynomial  time  decision  procedure  for  the  inference  relation  generated  by 
these  equality  rules.  The  precise  notion  of  inference  rule  developed  here  is 
not  general  enough  to  allow  for  the  notation  . .”  used  in  rule  16.  Fortu¬ 
nately,  however,  any  inference  problem  involving  function  symbols  of  more 
than  two  arguments  can  be  converted  to  an  equivalent  problem  involving 
function  symbols  of  at  most  two  arguments.  For  example,  a  function  /  of 
three  arguments  can  be  replaced  by  two  functions  pair  and  /'  such  that 
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/(x,  y,  2 )  equals  /'(x,  pair(y,  z)).  Without  loss  of  generality,  we  can 
replace  rule  16  by  the  following  two  rules. 


16a  ?s  =  ?< 


?/(?«)  =  ?/(?<) 


16b  ?5!  =  ?<! 

?s2  =  ?f2 


?/(?51,  ?*2)  =?/(?tX ,  ?<2) 


In  the  remainder  of  this  paper  we  let  E  denote  the  rule  set  consisting  of  rules 
13,  14,  15,  16a  and  16b. 

Different  metavariables  have  different  syntactic  kinds.  For  example,  the 
metavariables  that  appear  in  the  Boolean  rule  set  B  range  over  formulas, 
while  the  rule  set  E  has  metavariables  that  range  over  terms  and  metavari¬ 
ables  that  range  over  function  symbols.  The  phrases  “formula”,  “term”,  and 
“monadic  function”  each  refer  to  a  particular  syntactic  kind. 


Definition:  A  syntactic  kind  is  either  a  kind  symbol  or  an  ex¬ 
pression  of  the  form  <j\  x  <r2  x  . . .  arn  — ►  r  where  r  and  each  cr,  axe 
syntactic  kinds. 


Definition:  A  well  formed  expression  is  either  a  constant  symbol 
or  metavariable  of  a  given  syntactic  kind,  or  an  application  of 
the  form  f{si...sn)  where  /  is  a  well  formed  expression  of  kind 
x  . . .  crn  — *  r  and  each  s,-  is  a  well  formed  expression  of  kind 
<7j-  In  the  latter  case  the  expression  f{s\ . . .  sn)  is  a  well-formed 
expression  of  kind  r. 


In  first  order  predicate  calculus,  an  ordinary  constant  symbol  is  just  a 
constant  of  kind  term;  a  proposition  symbol  is  a  constant  of  kind  formula;  a 
function  symbol  of  is  a  constant  of  kind  term  x  . . .  term  — ►  term;  and  a  pred¬ 
icate  symbol  is  a  constant  of  kind  term  x  . . .  term  — ►  formula.  The  Boolean 
connectives  ->  and  V  are  constants  of  kind  formula  — ►  formula  and  formula 
x  formula  ->  formula  respectively.  Quantifier-free  predicate  calculus  is  the 
language  generated  by  a  set  of  constants  of  type  term,  a  set  of  constants  of 
type  formula,  a  set  of  function  symbols,  a  set  of  predicate  symbols  (including 
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equality)  and  the  Boolean  connectives.  A  well  formed  expression  o(ex, . . .  e*) 
will  sometimes  be  written  as  (o  ei...en)  (Lisp  notation),  and  occasionally 
as  ei  o  e2  (infix  notation). 

The  above  definitions  do  not  allow  for  quantified  expressions.  This  paper 
only  discusses  inference  rules  that  do  not  involve  quantification.  Even  with¬ 
out  quantifiers,  a  set  of  rules  can  still  generate  an  undecidable  or  intractable 
inference  relation.  On  the  other  hand,  the  presence  of  quantifiers  does  not 
necessarily  prevent  tractability.  Tractable  inference  relations  involving  quan¬ 
tification  are  discussed  in  [McAllester,  1989]  and  [McAllester  et  al.,  1989].  A 
more  general  notion  of  locality  will  be  needed  to  construct  a  procedure  for 
automatically  recognizing  tractability  in  rule  sets  that  involve  quantification. 

Definition:  A  well  formed  expression  of  kind  formula  will  be 
called  a  formula. 

Definition:  An  inference  rule  is  an  object  of  the  form 

© 

where  and  0  are  all  formulas. 

Definition:  A  metavariable  substitution  is  a  mapping  p  from 
metavariables  to  expressions  such  that,  for  any  metavariable  ?x, 
we  have  that  p(?x)  is  a  well  formed  expression  of  the  same  kind 
as  ?x. 

Definition:  For  any  metavariable  substitution  p ,  and  any  well 
formed  expression  s,  we  define  p(s)  to  be  the  result  of  replacing 
each  metavariable  in  s  by  its  image  under  p.  For  any  set  of 
expressions  T,  we  define  p( T)  to  be  the  set  (p(s)  :  s  €  T}. 

Observation:  For  any  metavariable  substitution  p,  and  any  well 
formed  expression  s,  p(s)  is  a  well  formed  expression  with  the 
same  syntactic  kind  as  s. 

Definition:  A  formula  $  is  one-step  derivable  from  a  set  of  for¬ 
mulas  E  under  inference  rules  R  if  there  exists  an  inference  rule 
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in  i?,  and  a  metavariable  substitution  p ,  such  that  p^,), . . .  p(^n) 
are  all  members  of  E  and  p(0)  equals  $. 

Definition:  A  derivation  of  $  from  E  is  a  '.equence  of  formulas 
\J/l,  $2»  •  •  •  such  that  each  is  either  a  member  of  E,  or  is  one- 
step  derivable  under  R  from  previous  elements  of  the  sequence, 
and  \&n  is  the  formula  $.  If  there  exists  a  derivation  of  $  from  E 
under  rule  set  R  then  we  write  E  Hr 

Note  that  Hr  is  the  relation  generated  by  R  in  the  standard  way. 


3  Local  Rule  Sets 


We  are  interested  in  finding  general  properties  of  a  rule  set  R  that  guarantee 
that  the  corresponding  inference  relation  Hr  is  polynomial  time  decidable. 
One  way  of  doing  this  is  to  consider  a  “restricted”  relation  h  r  that  is  ex¬ 
plicitly  constructed  to  be  polynomial  time  decidable.  This  can  be  done  using 
the  following  terminology. 

Definition:  A  formula  will  be  called  a  label  formula  of  a  set 
or  expressions  fi  if  every  proper  subexpression  of  is  a  member 
of  fi. 

Definition:  For  any  set  of  formulas  T  and  rule  set  R  we  define 
Cl(R,  T)  to  be  the  set  of  all  proper  subexpressions  of  formulas  in 
T  plus  all  closed  (variable-free)  proper  subexpressions  of  formulas 
in  R. 

Note  that,  for  any  finite  rule  set  R  and  finite  formula  set  T,  the  set  Q(R,  T) 
is  finite.  However,  any  formula  constant  or  formula  metavariable  is  a  label 
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formula  of  any  expression  set.  This  implies  that  any  expression  set  has 
an  infinite  set  of  label  formulas.  In  spite  of  the  infinity  of  label  formulas, 
however,  restricting  the  inference  process  to  label  formulas  of  a  small  finite 
set  yields  a  tractable  inference  relation. 


Definition:  We  write  E  h/j  $  if  there  exists  some  derivation 
^i»  ^2»  •  •  •  of  $  from  E  under  rule  set  R  such  that  each 't,  is 
a  label  formula  of  Cl(R,  E  U  {$ }). 

Tractability  Lemma:  For  any  finite  rule  set  R,  the  relation  h  R 
is  polynomial  time  decidable. 

Definition:  A  set  of  rules  R  will  be  called  local  if  the  relation 
h  R  is  the  same  as  the  relation  \~R. 


The  tractability  lemma  implies  that  the  inference  relation  generated  by 
a  local  rule  set  is  polynomial  time  decidable.  The  proof  of  a  refined  version 
of  the  tractability  lemma  is  given  in  the  following  section.  It  is  instructive, 
however,  to  consider  the  equality  rule  set  E.  Consider  the  problem  of  deter¬ 
mining  whether  or  not  E  H  e  $  where  $  and  each  formula  in  E  are  equations 
between  first  order  terms.  The  expression  set  f 1(E,  E  U  {<£})  consists  of  the 
equality  symbol  plus  all  first  order  terms  that  appear  in  E  and  $.  If  s  and 
t  are  terms  in  f l(E,  E  U  {$})  then  the  equation  s  =  t  is  a  label  formula 
of  E  U  {$}).  Let  n  be  the  total  size  of  E  U  {$}.  There  are  order  n2 
equations  that  are  label  formulas  of  Q(£,E  U  {$}).  This  implies  that  one 
can  enumerate,  in  polynomial  time,  all  label  formulas  of  £l(E,  E  U  {$})  that 
can  be  derived  from  E  using  derivations  restricted  to  label  formulas. 

The  definition  of  locality  does  not  provide  any  obvious  way  of  determining 
if  a  given  rule  set  is  local.  Locality  of  the  equality  inference  rules  was  orig¬ 
inally  proved  (using  different  terminology)  independently  by  Kozen  [Kozen, 
1977]  and  Shostak  [Shostack,  1978].  Kozen  uses  a  syntactic  argument  to 
show  that  if  E  \~e  $,  then  E  H  e  The  proof  is  essentially  an  induction 
on  the  length  of  the  derivation  used  to  establish  E  \~e  Shostak’s  proof  of 
the  locality  of  E  is  semantic.  Shostak  observes  that  the  relation  H  e  is  clearly 
sound  under  the  standard  semantics  for  equality.  Furthermore,  if  E  ty  E  $, 
then  one  can  construct  a  model  of  E  in  which  $  is  false.  In  other  words,  the 
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relation  H  £  is  semantically  complete.  Since  I ~e  is  sound,  and  is  at  least  as 
strong  as  H  e,  the  semantic  completeness  of  H  e  implies  that  H  e  is  the  same 
as  \~e .  A  semantic  proof  using  a  simpler  model  construction  was  later  given 
by  Nelson  and  Oppen  [Nelson  and  Oppen,  1980].  Semantic  proofs  of  locality 
of  other  rule  sets  can  be  found  in  [McAllester  et  al.,  1989]  and  [McAllester 
and  Givan,  1989]. 

Semantic  proofs  of  locality  are  more  compact  in  many  cases  than  syn¬ 
tactic  proofs  of  the  same  results.  However,  it  seems  difficult  to  generalize 
semantic  proof  techniques  to  the  point  where  they  can  be  used  to  mechani¬ 
cally  recognize  a  wide  class  of  local  rule  sets.  However,  section  6  shows  that 
syntactic  techniques  for  proving  locality  can  be  used  as  the  foundation  for  a 
general  locality  recognition  procedure. 


4  The  Tract  ability  Lemma 

The  tractability  lemma  states  that  for  any  finite  rule  set  R,  the  relation  h  R  is 
polynomial  time  decidable.  The  statement  of  the  tractability  lemma  can  be 
refined  to  give  a  useful  upper  bound  on  the  order  of  the  polynomial  involved. 
This  refinement  requires  some  additional  terminology. 

Definition:  An  inference  rule  r  will  be  said  to  have  order  k 
if  there  exist  expressions  ei . . .  e*,  suc_i  that  each  e,  is  either  a 
metavariable  or  a  proper  subexpression  of  some  formula  in  the 
rule  r,  and  such  that  every  metavariable  that  appears  in  r  also 
appears  in  some  e,-. 

For  example,  the  rule 

16b  ?Sl  =  ?t  i 

?S2  =  ?<2 

?/(?•».  •*)«?/(?*!,  ?*»), 
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has  order  two  because  the  two  expressions  ?/(?Si,  ?Sj)  and  ?/(?ti,  ?<2) 
satisfy  the  requirements  of  the  above  conditions.  Note  that  the  rule  does 
not  have  order  one  because  the  equation  ?/(?Si,  S2)  =  ?/(?ti,  ?<2)  is  not  a 
proper  subexpression  of  a  formula  in  the  rule.  Similarly,  the  rule 

7  -.?<& 

->(?<&  V  ?$) 

has  order  one,  while  the  rule 

3  ?$ 

?$  v  ?$ 

has  order  two. 

Refined  Tractability  Lemma:  For  a  fixed  finite  rule  set  R,  it 
is  possible  to  determine  whether  £  H  r  $  in  order  nk  time  where 
n  is  the  total  size  of  E  and  $  and  all  rules  in  R  have  order  k  or 
less. 

Proof:  For  the  purposes  of  this  proof,  a  rule  set  R  will  be  called  normal  if,  for 
every  rule  r  in  R,  every  metavariable  in  r  appears  as  a  proper  subexpression 
of  some  formula  in  r.  We  first  reduce  the  problem  of  determining  whether 
E  H  R  $  to  the  the  problem  of  determining  whether  £  h  r  $  in  the  case 
where  R  is  normal.  If  E  is  empty,  and  no  inference  rule  in  R  has  an  empty 
set  of  antecedents,  then  E  $.  Thus  we  can  assume  without  loss  of 
generality  that  either  E  is  non-empty  or  some  rule  in  R  has  no  antecedents. 
Consider  a  rule  r  and  a  metavariable  that  appears  in  r  but  does  not 
appear  as  a  proper  subexpression  of  any  formula  in  r.  The  only  place  ?\P  can 
appear  in  r  is  as  an  antecedent  or  conclusion.  If  is  both  an  antecedent 
and  a  conclusion,  then  r  can  be  removed  from  the  rule  set  without  affecting 
the  relation  H  /*.  If  T’J  is  an  antecedent  but  not  a  conclusion,  then  the  above 


comments  about  E  and  R  imply  that  the  rule  r  can  be  replaced  by  the  rule 
r'  in  which  the  antecedent  has  been  removed.  If  ?\&  is  the  conclusion  of 
r,  but  is  not  an  antecedent  of  r,  then  we  replace  r  by  the  rule  r'  derived  from 
r  be  replacing  the  conclusion  ?’£  with  a  new  formula  constant  F.  Let  R'  be 
the  rule  set  derived  from  R  by  making  all  such  removals  and  replacements. 
We  now  have  that  S  $  just  in  case  E  h  $  or  E  h  r>  F.  Furthermore, 
R'  is  a  normal  rule  set  and  all  rules  in  R!  have  order  k  or  less. 

Now,  without  loss  of  generality,  we  can  assume  that  R  is  a  normal  rule  set. 
Let  T  be  the  set  fl(i2,E  U  {$}).  For  a  fixed  rule  set  R,  the  set  T  has  order 
n  elements.  We  have  that  E  H  r  $  just  in  case  there  exists  a  derivation 
$2  *  •  •  of  $  from  E  under  R  such  that  each  'F,-  is  a  label  formula  of 
T.  Let  r  be  an  inference  rule  in  R.  For  any  metavariable  substitution  p  we 
let  p(r)  be  the  iule  derived  from  p  by  replacing  each  metavariable  in  r  by  its 
image  under  p.  Since  R  is  normal,  we  need  only  consider  those  instances  p(r) 
where  p  maps  every  meta  triable  in  r  to  a  member  of  T.  Let  . . .  ej  be  a  set 
of  expressions  that  satisfy  the  conditions  of  the  definition  of  r  being  order  j. 
Each  e,-  is  either  a  metavariable  or  a  proper  subexpression  of  some  formula 
in  r.  This  implies  that  we  need  only  consider  those  instances  p(r)  where  p 
is  a  substitution  such  that  p{ti) .  are  all  members  of  T.  Since  every 

metavariable  in  r  appears  in  some  e,-,  the  set  of  all  such  instances  p(r)  can  be 
computed  by  matching  the  expressions  . . .  ej  against  elements  of  T.  For 
a  fixed  rule  r  (independent  of  the  size  n),  the  set  of  all  possible  matches  of 
t\ . . .  ej  to  elements  of  T  can  be  computed  in  order  n-7  time.  The  restriction 
that  each  /?(e,)  he  an  element  of  T  does  not  guarantee  that  the  conclusion 
and  antecedents  of  p{r)  are  label  formulas  of  T.  Let  7(r)  be  the  set  of  all 
such  instances  p(r)  such  that  the  conclusion  and  all  the  antecedents  of  p(r ) 
are  label  formulas  of  T.  The  set  7(r)  can  be  computed  in  order  nJ  time.  Let 
7 (72)  be  the  union  of  the  sets  7(r)  for  rules  r  in  R.  The  set  7(i?)  can  be 
computed  in  order  nk  time.  We  now  have  that  E  H  r  $  just  in  case  $  can 
be  derived  from  E  under  the  rules  7(72)  by  purely  propositional  reasoning 
(we  need  not  consider  further  substitution  into  the  rules  in  I(R)).  This  is 
equivalent  to  determining  if  a  given  proposition  symbol  can  be  derived  from 
a  set  of  proposition  symbols  using  a  set  of  propositioned  Horn  clauses.  The 
existence  of  such  a  derivation  can  be  determined  in  time  proportional  to 
the  total  size  of  the  set  of  propositional  Horn  clauses.  Since  7(72)  can  be 
computed  in  order  nk  time,  its  total  size  is  order  nk. 
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5  Syntactic  Proofs  of  Locality 


For  any  finite  rule  set  R,  the  relation  h  r  is  polynomial  time  decidable.  The 
rule  set  R  is  local  if  the  relation  is  the  same  as  the  relation  h*  A 
general  syntactic  approach  to  proving  locality  for  particular  rule  sets  can  be 
constructed  using  the  following  definitions. 

Definition:  A  set  of  expressions  T  will  be  called  subexpression 
closed  if  every  subexpression  of  every  member  of  T  is  also  a  mem¬ 
ber  of  T. 

Definition:  Let  R  be  a  rule  set,  E  a  formula  set,  and  let  T  be 
an  expression  set  that  is  subexpression  closed  and  that  contains 
E)  as  a  subset.  The  set  Cr( E,  T)  is  defined  to  be  the  set  of 
formulas  such  that  there  exists  a  derivation  of  \Er  from  E  such 
that  every  formula  appearing  in  that  derivation  is  a  label  formula 
of  T. 

Observation:  E  h/j  $  if  and  only  if  $  €  Ct*(E,Q(.R,EU  {$})). 

Definition:  We  say  that  the  set  Cfl(E,  T)  is  universal  if  Cj^E,  T) 
contains  all  label  formulas  of  T. 

Lemma:  Let  R  be  a  fixed  rule  set  such  that  all  rules  in  R  have 
order  k  or  less.  Let  E  be  a  formula  set,  let  T  be  a  subexpression 
closed  set  containing  E)  and  let  n  be  the  number  of  expres¬ 
sions  in  T.  One  can  determine  whether  (^(E,  T)  is  universal  in 
order  nk  time.  If  Cr( S,  T)  is  not  universal,  it  is  finite  and  can  be 
enumerated  in  order  nk  time. 

The  proof  of  the  above  lemma  is  similar  to  the  proof  of  the  refined 
tractability  lemma  and  is  not  given  here.  It  is  possible  to  characterize  locality 
in  terms  of  the  closure  operator  Cr  rather  than  the  inference  relation  H  r. 
To  do  this  we  need  some  additional  terminology. 

Definition:  A  one  step  extension  of  a  subexpression  closed  set 
T  is  an  expression  a  that  is  not  a  member  of  T  but  such  that 
every  proper  subexpression  of  a  is  a  member  of  T. 
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Definition:  An  extension  event  for  a  rule  set  R  is  a  four-tuple 
<a,  'P,£,Y>  such  that  Y  is  subexpression  closed  and  contains 
fi(i2,  £),  a  is  a  one  step  extension  of  T,  and  '5  is  a  member  of 

Cr{  S,Tu{a}). 

The  letters  £,  £i,  £2,  etc.  are  used  below  to  denote  extension  events. 
Consider  an  extension  event  <a,  $,£,  T>.  Note  that  the  formula  \P  may  be 
“old”  in  the  sense  that  $  may  be  a  member  of  Cjj(S,T).  Alternatively,  'P 
may  be  “new”  in  the  sense  that  $  is  a  member  of  Cr(E,  T  U  {a})  but  not 
a  member  of  Ch(E,Y).  The  lemma  given  below  states  that  a  rule  set  R  is 
local  if  and  only  if  it  is  impossible  for  a  new  formula  to  be  a  label  formula  of 
the  old  set  Y. 


Definition:  A  feedback  event  for  a  rule  set  R  is  an  extension 
event  <a,  'if',  £,  Y>  for  R  where  $  is  a  label  formula  of  Y  but  not 
a  member  of  Cr(E,  Y). 

Lemma:  A  rule  set  R  is  local  if  and  only  if  there  are  no  feedback 
events  for  R. 

Proof:  First,  suppose  there  exists  a  feedback  event  £  for  R 
with  components  <a,  <?,£,  Y>.  The  fact  that  \P  is  a  member 
of  Cr( £,Y  U  {a})  implies  that  £  tf.  The  fact  that  £  is 

a  feedback  event  implies  that  $  is  a  label  formula  of  Y  but  not 
a  member  of  Cr(E,  Y).  The  fact  that  'P  is  a  label  formula  of  Y 
implies  that  Y  contains  f l(R,  £U'P).  So  ^  must  not  be  a  member 
of  Cr(E,  £  U  {'P}))  and  so  £  \/  R  *P.  Thus  l-/i  and  H  r  are 
different  and  R  is  not  local. 

The  above  argument  shows  that  if  R  is  local  then  there  can 
be  no  feedback  events  for  R.  We  will  now  show  the  converse  — 
if  there  are  no  feedback  for  events  for  R  then  R  is  local.  Suppose 
there  are  no  feedback  events  for  R.  Now  consider  any  £  and 
$  such  that  £  R  $.  To  show  that  R  is  local  it  suffices  to 
show  that  £  I /r  To  show  £  \/r  $  it  suffices  to  show  that 
for  any  finite  subexpression  closed  set  T  containing  f l(R,E  U 
$)  we  have  $  £  Cr(E,  Y).  By  assumption  we  have  that  $  0 
Cr(E,£1(R,  £  U  {$})).  Now  let  Y  be  any  subexpression  closed 
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set  containing  £  U  {$})  such  that  $  £  Cr(E,  T).  For  any 
one-step  extension  a  of  T  we  have  that  $  is  not  a  member  of 
Cfl(£,  T  U  {a})  —  otherwise  the  tuple  <cr,$,  £,T>  would  be  a 
feedback  event.  By  induction,  this  implies  that  $  is  not  a  member 
of  Cr(H,  T)  for  any  finite  subexpression  closed  set  T  containing 
Cl(R,  £  U  {$})  and  thus  £  \/r  $. 


The  above  lemma  reduces  the  problem  of  determining  locality  to  the  prob¬ 
lem  of  determining  the  existence  of  feedback  events.  The  locality  recognition 
procedure  is  based  on  a  general  method  of  proving  the  non-existence  of  feed¬ 
back  events.  This  general  method  is  best  introduced  using  a  simple  example. 
Consider  the  following  rules  expressing  the  monotonicity  of  an  operator  /. 


17  ?<  C  ?t  19  la  C  ?u 

18  ?r  C  ?s  /(?*)  C  /(?«) 

?jC?i 

?rC?/ 

Let  M  (for  monotonicity)  be  this  set  of  three  inference  rules.1  We  wish 
to  prove  the  non-existence  of  feedback  events  for  M.  Consider  an  extension 
event  «*,  £,  T>  for  rules  M.  Either  $  is  an  “old”  formula,  i.e.,  a  member 

of  Cm(£,  T),  or  $  is  provable  from  old  formulas  using  the  above  inference 
rules.  It  is  possible  to  characterize  all  the  ways  of  proving  a  new  formula 
from  old  formulas  using  rules  M.  More  specifically,  for  any  extension  event 
<q,  £,  T>  for  M,  one  of  the  following  four  conditions  must  hold. 


•  V  is  an  “old”  formula,  i.e.,  a  member  of  Cm(E,Y). 

•  ^  is  the  formula  a  C  a. 

xThe  rule  set  M  has  applications  in  high-level  proof  systems  for  first  order  logic 
[McAllester  et  al.,  1989].  An  in-depth  analysis  of  the  computational  complexity  of  the 
relation  is  given  in  [Neal,  1989]. 
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•  a  is  of  the  form  f(s)  and  is  a  formula  of  the  form  a  C  t  where 
C’m(£,  T)  contains  the  formulas  s  C  u  and  /(u)  C  t  . 

•  a  is  of  the  form  f(s)  and  ^  is  a  formula  of  the  form  t  C  a  where 
Cji/(2,  T)  contains  the  formulas  t  C  /(u)  and  u  C  s. 


If  an  extension  event  satisfies  one  of  the  above  conditions  then  either  $  is  an 
old  formula  (the  first  condition)  or  $  contains  a  as  a  proper  subexpression 
(the  last  three  conditions).  Thus is  either  an  old  formula,  or  it  is  not  a 
label  formula  of  T.  So  no  event  satisfying  one  of  the  above  conditions  can 
be  a  feedback  event.  The  problem  of  proving  the  non-existence  of  feedback 
events  for  M  has  now  been  reduced  to  the  problem  of  proving  that  every 
extension  event  for  M  satisfies  one  of  the  above  four  conditions.  This  can  be 
be  done  using  the  following  definitions. 


Let  R  be  a  rule  set,  2  a  formula  set,  T  a  subexpression  closed  set 
containing  fi(i2, 2),  and  let  a  be  a  one  step  extension  of  T. 

Definition:  The  set  C£°(2,T)  is  defined  to  be  C*(2,T).  The 
set  C“J+1(2,  T)  is  defined  to  be  C£J(2,  T)  plus  all  label  formu¬ 
las  of  T  U  {a}  that  can  be  derived  from  C£J( 2,T)  via  a  single 
application  of  an  inference  rule  in  R. 


Note  that 

C*(E,TU{a})=(JC£,(S,T). 

;>o 


Consider  a  fixed  but  arbitrary  2,  T  and  a.  To  show  the  non-existence  of 
feedback  events  for  M,  it  suffices  to  show  that  every  formula  ’P  in  Ca/(2,  TU 
{a})  satisfies  one  of  the  above  four  conditions  with  respect  to  2,  T,  and  a. 
The  four  conditions  can  be  viewed  as  defining  four  different  types  of  formulas 
in  the  set  C/^( 2,  T  U  {a}).  To  prove  that  every  formula  in  Ca/(2,  T  U  {a}) 
is  of  one  of  these  four  types,  it  suffices  to  prove,  by  induction  on  j,  that 
every  formula  in  C%/( 2,T)  is  of  one  of  these  four  types.  Every  formula  in 
C%f°(  2,  T)  is  an  old  formula  and  so  is  a  formula  of  the  first  type.  Now  assume 
that  every  formula  in  C^f( 2,  T)  is  of  one  of  the  four  given  types.  Under  this 
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assumption  one  can  prove  that  every  formula  $  in  C£fJ+1(£,  T)  is  of  one  of 
the  given  types.  The  induction  step  involves  a  case  analysis  on  the  proof  rule 
used  to  derive  an  element  of  C^+1(S,T)  and  the  types  of  formulas  used  as 
antecedents  in  the  application  of  that  rule. 

The  method  just  described  for  proving  locality  for  the  rule  set  M  can  be 
generalized  to  a  mechanical  procedure  for  recognizing  locality. 


6  The  Locality  Recognition  Procedure 


The  mechanical  locality  recognition  procedure  is  not  guaranteed  to  recognize 
of  all  local  rule  sets.  However,  it  is  possible  to  precisely  characterize  the 
class  of  rule  sets  whose  locality  is  mechanically  recognizable.  This  precise 
characterization  involves  some  additional  terminology. 


Definition:  The  rank  of  an  extension  event  <a,^,E,T>  for  a 
rule  set  R  is  the  least  natural  number  j  such  that  is  an  element 
of  CHE,  T). 

Definition:  For  any  natural  number  k  and  rule  set  R  we  say 
that  R  is  k -bounded-local  if  R  is  local  and  all  extension  events  for 
R  have  rank  j  or  less.  The  rule  set  R  is  bounded- local  whenever 
there  exists  some  k  such  that  R  is  &-bounded-local. 


Note  that  if  R  is  &-bounded-local  then  C/*(£,  T  U  {a})  is  always  equal 
to  C£’*( £,T).  It  would  seem  that  bounded-locality  is  an  extremely  strong 
condition  on  inference  rules  and  that  few  rule  sets  would  satisfy  this  condi¬ 
tion.  However,  all  of  the  examples  of  local  inference  rules  discussed  above 
are  bounded-local  —  the  rule  sets  E  and  M  are  2-bounded-local  while  B 
is  1-bounded  local.  Unfortunately,  there  are  rule  sets  which  are  local  but 
not  bounded- local.  Let  I  consist  of  the  reflexivity  rule  (17),  transitivity  rule 
(18),  plus  rules  20,  21,  and  22  given  below.  The  rule  set  /  is  local  but  not 
bounded-local  (the  proof  is  left  as  a  non-trivial  exercise  for  the  reader). 


17 


20  n(?s,?t)c?s  22  ?ti>C?s 

?w  C  ?t 

21  n(?s,?<)C?l  - 

?w  c  n(?5,?0 

Given  that  /  is  local  (although  not  bounded-local),  the  refined  tractability 
lemma  implies  that  the  generated  inference  relation  is  decidable  in  order  n3 
time  (the  transitivity  rule  has  order  3). 

The  following  two  theorems  are  the  main  results  of  this  paper. 


First  Locality  Recognition  Theorem:  For  any  rule  set  R  and 
bound  k  it  is  possible  to  determine  whether  or  not  R  is  fc-bounded 
local. 

Second  Locality  Recognition  Theorem:  There  exists  a  pro¬ 
cedure  which,  given  any  rule  set  R,  does  the  following. 

•  If  R  is  not  local  then  the  procedure  terminates  and  outputs 
a  feedback  event  for  R. 

•  If  R  is  bounded-local  then  the  procedure  terminates  and 
outputs  the  least  k  such  that  R  is  fc-bounded-local  plus  an 
enumeration  of  the  possible  “types”  of  extension  events. 

•  If  R  is  local,  but  not  bounded-local,  then  the  procedure  fails 
to  terminate. 

Consider  the  proof  of  locality  for  the  monotonicity  rules  described  in  the 
preceding  section.  The  proof  shows  that  every  monotonicity  extension  event 
falls  into  one  of  four  types  and  that  no  event  of  these  types  can  be  a  feedback 
event.  To  mechanize  this  proof  technique  we  need  some  way  to  formally 
represent  event  types.  Consider  the  third  monotonicity  event  type  given  in 
the  preceding  section: 

•  a  is  of  the  form  f(s)  and  'P  is  a  formula  of  the  form  a  C  t  where 
Cm(E,  T)  contains  the  formulas  s  C  u  and  /(u)  C  t  . 
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The  events  of  this  type  can  be  characterized  by  specifying  the  form  of  a, 
the  form  of  and  certain  formulas  that  must  be  in  C/i(S,  T).  In  general, 
we  allow  a  formal  specification  of  an  event  type  to  also  include  a  specification 
of  expressions  that  must  be  in  T.  A  formal  specification  of  an  event  type  is  a 
four-tuple  <a',  £',  T'>  where  a'  and  are  patterns  giving  the  form  of  a 

and  respectively;  £'  is  a  set  of  formulas  that  must  be  included  in  C.r(£,  T); 
and  T'  is  a  set  of  expressions  that  must  be  included  in  T.  The  patterns  a' 
and  'P/  are  just  expressions  containing  metavariables.  The  above  type  of 
monotonicity  event  can  be  characterized  by  the  following  formal  four-tuple. 

•  </(?«),  /(?«)£?*,  {?s  C  ?u,/(?u)  C  ?t},  {C, /,?,,?*, /(?«), ?ti}> 


The  above  four-tuple  specifies  the  class  of  events  in  which  a  has  the 
form  /(?«),  ^  has  the  form  a  C  It,  and  C/?(E,  T)  contains  the  formulas 
?s  C  ?«  and  /(?u)  C  It.  Let  <a',  £',  T'>  be  the  above  four-tuple.  Note 

that  T'  has  been  constructed  so  that  T'  is  a  subexpression  closed  set  con¬ 
taining  Q(R,  E'),  and  a'  is  a  one-step  extension  of  T'.  In  fact,  the  tuple 
<a', 'f',  S',  T'>  satisfies  all  of  the  conditions  given  in  the  definition  of  an 
extension  event  —  this  tuple  is  itself  an  extension  event.  In  general,  an 
extension  event  containing  metavariables  defines  an  entire  class  of  “instanti¬ 
ations”  of  that  event. 


Definition:  Let  8  be  an  extension  event  <a,^,  E,T>  and  let  S' 
be  an  event  <a',  <#',  E',  T'>.  We  say  that  8  is  an  R-instancc  of 
the  template  8',  or  that  the  template  8'  R-covers  the  event  8,  if 
there  exists  a  metavariable  substitution  p  satisfying  the  following 
conditions. 

•  p(a')  =  a 

•  p('i')  = 

.  p(E')  C  Ca(£,  T) 

•  P(^)  S  T 

We  say  that  a  template  set  T\  R-c overs  an  event  set  Ti  if  every 
member  of  T2  is  /^-covered  by  some  member  of  7\. 
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I  will  often  say  “covers”  or  “instance”  rather  than  “iZ- covers”  or  “iZ- 
instance”  respectively  when  the  rule  set  is  clear  from  context.  I  will  use  the 
term  “event  template”,  or  just  “template”,  rather  them  the  term  “event”  to 
describe  events  that  are  being  used  as  templates  or  schemas  for  a  whole  class 
of  events.  The  following  lemmas  state  useful  properties  of  event  templates. 

Let  £  be  <a,  «,  E,  T>  and  let  £'  be  <a',  E',  T'>  such  that  £ 

is  an  instance  of  £'  by  virtue  of  the  metavariable  substitution  p. 

Lemma:  The  set  p(Cr( E',  Y'))  is  a  subset  of  Cr(Z,  T). 

Proof:  Consider  any  formula  0  in  C/i(E',  Y').  We  must  show 
that  p(0)  is  a  member  of  C/j(E,  T).  Consider  a  derivation  D  of  0 
from  E'  such  that  all  formulas  in  the  derivation  are  label  formulas 
of  Y'.  Let  p(D)  be  the  derivation  derived  from  D  by  replacing 
each  expression  in  D  by  its  image  under  the  substitution  p.  p(D) 
is  a  derivation  of  p(0)  from  p( E').  Furthermore,  since  p(T')  is  a 
subset  of  T,  every  formula  in  p{D)  is  a  label  formula  of  T.  Since 
every  element  of  p{ S')  is  in  C/j(E,T),  we  must  have  that  p(0)  is 
also  in  C/t(E,Y). 

Lemma:  For  each  natural  number  j,  the  set  E',  Y'))  is  a 

subset  of  CaRj{ E,  Y). 

Proof:  The  proof  is  by  induction  on  j.  The  previous  lemma  es¬ 
tablishes  the  result  for  j  =  0.  Now  assume  that  the  result  holds 
for  j  and  consider  j  +  1.  Let  0  be  any  formula  in  J+1(E',  Y'). 

We  must  show  that  p(0)  is  in  C^J+1(E,  Y).  0  is  derivable,  via  a 
single  inference  rule,  from  some  formulas  in  CR  ’■,(E',  Y'). 

By  the  induction  hypothesis  p($i) . . .  p($n)  are  in  CftJ(2,T). 

But  p(0)  is  derivable  from  p($i) . . .  p($n)  and  p(0)  is  a  label 
formula  of  Y  U  {a}.  Thus  p(0)  is  in  C'^J+1(E,  Y). 

Lemma:  The  rank  of  £  is  less  than  or  equal  to  the  rank  of  £'. 

Proof:  Let  j  be  the  rank  of  £'.  The  formula  is  in  CR  J(E',  Y'). 

By  the  above  lemma,  p(V)  must  be  in  C^(E,  Y).  Since  p('t') 
equals  ty,  the  event  £  must  have  rank  j  or  less. 

Lemma:  If  £'  is  not  a  feedback  event  then  £  is  not  a  feedback 
event. 
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Proof:  Since  S'  is  not  a  feedback  event  the  formula  is  either 
a  member  of  Cr(T,\  Y7)  or  is  not  a  label  formula  of  Y7.  In  the 
first  case,  the  above  lemma  implies  that  '),  and  hence  is  a 
member  of  Cr(E,  T).  Now  suppose  that  '5  is  not  a  label  formula 
of  T.  Since  'J7  is  a  label  formula  of  Y7  U  {a7}  but  not  a  label 
formula  of  Y7,  the  expression  a'  must  be  a  proper  subexpression 
of  ^7.  But  this  implies  that  p(a')  is  a  proper  subexpression  of 
p( ty)  and  thus  a  is  a  proper  subexpression  of  ty.  This  implies 
that  ^  is  not  a  label  formula  of  T  and  thus  £  is  not  a  feedback 
event. 


The  locality  recognition  procedure  takes  a  bounded-local  rule  set  R  and 
automatically  constructs  a  proof  of  the  locality  of  R  using  the  same  technique 
as  that  used  above  in  proving  the  locality  of  the  rule  set  M.  The  proof  of 
locality  of  M  involved  showing  that  every  extension  event  for  M  is  an  instance 
of  one  of  four  specific  templates.  In  order  to  construct  an  analogous  proof  for 
an  arbitrary  bounded-local  rule  set  R,  the  procedure  must  generate  a  finite 
set  of  event  templates,  specific  to  the  rule  set  R,  and  must  show  that  this 
finite  set  of  event  templates  covers  all  extension  events  for  R.  The  recognition 
procedure  uses  a  single  process  to  both  generate  the  event  templates  and  to 
prove  that  the  generated  templates  cover  all  events.  This  process  starts  with 
a  set  of  “null”  templates  and  generates  new  templates  by  iteratively  passing 
existing  templates  through  the  inference  rules. 


Definition:  The  null  template  of  kind  t  is  <?Q',?^,  {T'f},  {}> 
where  ?c*  is  a  metavariable  of  kind  r. 

Observation:  An  extension  event  has  rank  0  if  and  only  if  it  is 
an  instance  of  some  null  template. 

Without  loss  of  generality  we  can  consider  only  the  syntactic  kinds  used  in 
the  inference  rules,  so  we  we  need  only  consider  a  finite  set  of  null  templates. 
The  following  lifting  lemma  states  the  existence  of  a  procedure  for  passing 
templates  through  inference  rules. 
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Lifting  Lemma:  Let  R  be  a  finite  rule  set  and  let  T  be  a  finite 
template  set  such  that  T  covers  all  extension  events  for  R  of  rank 
j  or  less.  It  is  possible  to  compute  a  finite  template  set  R(T)  that 
covers  all  events  of  rank  j  +  1  or  less. 


The  proof  of  the  lifting  lemma,  and  a  procedure  for  computing  R(T),  is  given 
in  the  appendix. 


Definition:  For  any  rule  set  R,  define  T0(R)  to  be  the  set  of  null 
templates  and  define  Tj+i(f? )  to  be  Tj(R)  U  R(Tj(R)).2 

Observation:  Tj(R)  covers  every  extension  event  for  R  with 
rank  j  or  less. 

Lemma:  R  is  local  if  and  only  if  there  is  no  j  such  that  Tj(R) 
contains  a  feedback  event. 

Proof:  Suppose  there  exists  some  feedback  event  for  R.  This 
event  must  have  some  finite  rank  j  and  must  be  covered  by  some 
element  of  Tj(R).  Templates  that  are  not  feedback  events  can  not 
cover  feedback  events,  so  Tj(R )  must  contain  a  feedback  event. 

Lemma:  R  is  j-bounded- local  if  and  only  if  Tj(R)  does  not  con¬ 
tain  any  feedback  events,  Tj(R)  covers  R(Tj(R)),  and  every  mem¬ 
ber  of  Tj(R)  has  rank  j  or  less.3 

Proof:  First  suppose  Tj(R)  covers  R(Tj(R)).  Since  covering  is 
transitive,  this  implies  that  Tj(R )  covers  all  events  of  rank  j  + 1  or 
less.  But,  by  the  same  argument,  this  implies  that  Tj(R)  covers 
all  events  of  rank  j  +  2  or  less.  In  fact,  Tj(R)  covers  all  events. 

If,  in  addition,  Tj(R)  does  not  contain  any  feedback  events,  then 
there  can  be  no  feedback  events  for  R  and  R  must  be  local.  If  all 
templates  in  Tj(R)  have  rank  j  or  less  then,  since  no  template  can 
cover  an  event  of  greater  rank,  all  extension  events  for  R  must 
have  rank  j  or  less. 

7A  “more  efficient”  definition  states  that  Tj+i(R)  equals  Tj(R)  plus  those  elements  of 
R(Tj(R))  not  already  covered  by  some  element  of  Tj(R). 

3The  most  natural  procedure  for  constructing  R(T)  ensures  that  every  event  in  Tj(R) 
has  rank  j  or  less. 
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Now  suppose  that  R  is  j-bounded  local.  Since  there  are  no 
feedback  events  for  R,  Tj(R )  must  not  contain  a  feedback  event. 
Since  every  event  has  rank  j  or  less,  Tj(R )  must  cover  all  events. 
This  implies  that  Tj(R)  covers  R(Tj(R)).  Finally,  since  all  ex¬ 
tension  events  for  R  have  rank  j  or  less,  every  template  in  Tj(R) 
must  have  rank  j  or  less. 


The  recognition  theorems  follow  directly  from  the  above  lemmas.  A  pro¬ 
cedure  based  on  the  above  lemmas  has  been  implemented  and  all  claims 
made  in  this  paper  for  the  bounded-locality  of  particular  rule  sets  have  been 
mechanically  verified. 


7  Additional  Examples 


This  section  presents  additional  examples  of  bounded-local  rule  sets.  These 
examples  are  intended  to  support  the  hypothesis  that  bounded- local  rule  sets 
are  quite  common  and  easily  constructed.  The  examples  are  also  intended 
to  support  the  hypothesis  that  recognizing  locality  is  usually  difficult. 

Three  examples  of  local  rule  sets  are  discussed  above  —  a  Boolean  rule 
set  B,  an  equality  rule  set  E ,  and  a  monotonicity  rule  set  M.  Additional 
examples  of  bounded-local  rule  sets  can  be  derived  by  considering  various 
unions  of  these  rule  sets,  e.g.,  M  U  B  or  M  U  B  U  E.  It  turns  out  that 
all  such  unions  are  bounded-local.  In  general,  however,  a  union  of  local 
rule  sets  need  not  be  local.  Similarly,  a  subset  of  a  local  rule  set  need  not 
be  local.  The  locality  of  the  various  combinations  of  B,  E,  and  M  has 
been  determined  through  mechanical  verification.  Except  for  the  rule  set 
B ,  which  is  1-bounded-local,  all  combinations  of  rule  sets  J3,  E,  and  M  are 
2-bounded-local. 

The  next  example  is  a  rule  set  based  on  the  syntactic  structure  of  English 
under  Montague  semantics.  The  rules  involve  expressions  of  three  differ¬ 
ent  syntactic  kinds:  class  expressions,  specified  noun  phrases,  and  formulas. 
The  expressions  can  be  given  a  simple  semantics  in  which  each  class  expres¬ 
sion  denotes  a  set,  each  formula  denotes  a  truth  value,  and  each  specified 
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((every  lx)  lx)  27 

24  ((every  lx)  ly) 

((every  ly)  Iz) 

((every  lx)  Iz)  28 

25  ((some  lx)  ly) 

((some  ly)  lx)  29 

26  ((some  lx)  ly) 

((some  lx)  lx)  30 


((some  ?z)  ly) 

((every  ly)  Iz) 

((some  lx)  Iz) 

((every  ?x)  ly) 

((every  (1R  (some  ?x)))  (1R  (some  ly))) 
((every  lx)  ly) 

((every  (1R  (every  ?y)))  (1R  (every  ?x))) 
((some  ?x)  ly) 

((every  (1R  (every  lx)))  (1R  (some  ly))) 


Figure  2:  A  Natural  Rule  Set 

noun  phrase  denotes  an  operator  that  maps  sets  to  truth  values  (a  second 
order  predicate).  For  example  if  z  denotes  a  set  then  (every  x)  is  a  speci¬ 
fied  noun  phrase  and  denotes  a  second  order  predicate  that  is  true  of  a  set 
y  just  in  case  the  set  x  is  a  subset  of  the  set  y  —  a  formula  of  the  form 
((every  x)  y)  is  true  just  in  case  x  C  y.  Similarly,  a  formula  of  the  form 
((some  z)  y)  is  true  just  in  case  some  element  of  the  set  x  is  a  member 
of  the  set  y ,  i.e.,  just  in  case  z  D  y  is  non-empty.  For  any  binary  rela¬ 
tion  R ,  and  class  expression  C,  we  let  ( R  (some  C ))  and  (R  (every  C)) 
be  class  expressions.  For  example,  let  kissed  be  a  binary  relation  and  let 
man  and  woman  be  class  expression  constants.  We  have  the  class  expres¬ 
sions  (kissed  (some  woman))  and  (kissed  (every  woman))  and  we  have 
formulas  such  as  ((every  man)  (kissed  (some  woman))),  or  alternatively, 
((some  man)  (kissed  (every  woman))). 

The  meaning  of  expressions  of  the  form  ( R  (some  C ))  and  (R  (every  C)) 
can  be  defined  so  that  the  above  formulas  have  a  natural  meaning.  The 
inference  rules  shown  in  figure  2  are  sound  under  this  natural  semantics. 
Let  N  (for  Natural)  be  the  set  of  inference  rules  given  in  figure  2.  A  more 
complete  discussion  of  natural  language  inference  relations  can  be  found  in 
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[McAllester  and  Givan,  1989].  In  the  current  context,  the  rule  set  N  simply 
provides  another  example  of  a  rule  set  that  can  be  analyzed  in  terms  of 
locality.  Although  N  is  not  a  local  rule  set,  the  notion  of  locality  can  be  used 
to  construct  a  polynomial  time  decision  procedure  for  the  relation  h/v.  First, 
to  see  that  N  is  not  local,  note  that  by  combining  inference  rules  25  and  30 
we  get 


((some  C)  S)  Hjv  ((every  (R  (every  S )))  ( R  (some  C))). 

However,  the  derivation  involves  the  expression  (some  S),  which  does  not 
appear  in  the  statement  of  the  inference  problem,  and  we  have 

((some  C)S)  n  ((every  ( R  (every  S )))  ( R  (some  C))). 

In  spite  of  the  fact  that  N  is  not  local,  the  locality  recognition  procedure 
can  be  used  to  show  that  the  relation  \~n  is  polynomial  time  decidable.  Let 
N'  be  the  rule  set  constructed  from  N  by  replacing  formulas  of  the  form 
((every  C)  S )  and  ((some  C)  S )  by  formulas  of  the  form  (is-every  C  S ) 
and  (is-some  C  S)  respectively.  For  any  for  .a.a  <f>  and  set  of  formulas  £ 
we  similarly  define  and  £'.  We  now  have  that  £  h  N  $  if  and  only 
if  £'  It  now  suffices  to  show  that  is  polynomial  time  decid¬ 

able.  But  one  can  machine- verify  the  fact  that  N1  is  4-bounded-local.  The 
refined  tractability  lemma  then  implies  that  there  exists  an  order  n3  decision 
procedure  for  the  relation  hjv*. 


8  Applications  to  General  Reasoning 


Sound  and  complete  rule  sets  for  semantically  expressive  languages  are  nec¬ 
essarily  intractable.  Assuming  P  ^  NP,  the  semantic  entailment  relation 
for  propositional  logic  is  not  polynomial  time  decidable.  The  case  is  worse 
for  full  first  order  logic  —  if  a  rule  set  R  is  sound  and  complete  for  first  order 
logic  then  h/j  is  not  decidable.  At  first  glance,  it  would  seem  that  the  notion 
of  locality  does  not  apply  to  such  intractable  rule  sets.  However,  the  notion 
of  locality  can  be  useful  in  constructing  semi-automated  verification  systems 
for  checking  proofs  under  intractable  rule  sets. 
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Consider  the  quantifier-free  predicate  calculus  with  equality.  The  seman¬ 
tic  entailment  relation  for  quantifier-free  predicate  calculus  is  coNP-complete 
—  so  the  relation  is  presumably  intractable.  However,  consider  the  rule  set 
B  U  E  which  is  the  union  of  the  Boolean  and  equality  rules  given  above.  This 
rule  set  is  local  and  thus  \~buE  is  polynomial  time  decidable  (it  is  actually 
decidable  in  order  n  log2  n  time,  or  order  n  log  n  time  assuming  that  hash 
lookups  take  unit  time).  Although  the  relation  b  buE  is  not  complete  for 
quantifier-free  logic,  it  seems  quite  powerful  in  practice.  It  is  possible  to  con¬ 
struct  a  sequent  proof  system  that  is  complete  for  quantifier-free  logic  based 
on  the  decidable  relation  b buE-  A  proof  in  this  system  is  a  series  of  fines 
where  each  line  is  a  sequent  of  the  form  E  b  $.  This  proof  system  is  “high- 
level”  in  the  sense  that  individual  lines  in  the  proof  can  abbreviate  inferences 
involving  a  large  number  of  individual  rule  applications.  The  abbreviation 
of  many  inferences  in  a  single  line  allows  high-level  proofs  to  be  shorter  than 
traditional  proofs.  The  high-level  system  has  two  sequent  rules.  First,  if 
£  b  BuE  $  then  the  fine  E  b  $  can  be  introduced  without  justification. 
Second,  if  the  high-level  proof  contains  fines  £  U  b  $,  and  £  U  b  $, 
then  one  is  allowed  to  add  the  fine  E  b  $.  The  resulting  high-level  proof 
system  is  semantically  complete,  i.e.,  if  $  is  semantically  entailed  by  E  then 
one  can  derive  the  sequent  £  b  $.  The  correctness  of  a  series  of  sequents, 
i.e.,  the  “proofhood”  of  a  proposed  high-level  proof,  can  be  quickly  verified 
using  the  decision  procedure  for  the  relation  b Bue-  Most  importantly,  proofs 
in  this  high-level  proof  system  can  be  much  shorter  than  traditional  proofs 
based  on  the  same  rule  set. 

The  high-level  proof  system  just  described  for  quantifier-free  predicate 
calculus  can  be  modified  to  yield  high-level  proof  systems  for  full  first  order 
logic,  or  even  Zermelo- Fraenkel  set  theory.  A  high-level  proof  system  for  first 
order  logic  is  described  in  [McAllester  et  al.,  1989].  A  machine  verified  high- 
level  proof  of  the  Stone  representation  theorem  for  Boolean  lattices,  from 
the  axioms  of  set  theory,  is  described  in  [McAllester,  1989].  In  this  earlier 
work  particular  inference  relations  were  shown  to  be  polynomial  time  decid¬ 
able  without  using  the  general  notion  of  locality  or  the  mechanical  locality 
recognition  procedure. 

The  various  high-level  proof  systems  described  above  are  ail  based  on  the 
idea  of  separating  an  intractable  inference  relation  into  a  combination  of  a 
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tractable  rule  set  and  a  set  of  high-level  sequent  rules.  Note  that  there  is 
no  requirement  that  the  tractable  rule  set  be  semantically  complete.  This 
division  should  be  done  in  a  way  that  maximizes  the  power  of  the  tractable 
rule  set.  In  the  case  of  first  order  logic,  the  power  of  the  tractable  rule  set  can 
be  improved  by  using  inference  rules  for  a  non-standard  syntax.  It  appears 
that  a  syntax  based  on  certain  features  of  natural  language  is  particularly 
effective.  The  use  of  natural  language  syntax  in  the  construction  of  powerful 
high-level  proof  systems  is  discussed  in  more  detail  in  [McAllester  et  al.,  1989] 
and  [McAllester  and  Givan,  1989]. 


9  Discussion 


Several  technical  questions  remain  unanswered.  First,  although  the  above 
procedure  shows  that  ^-bounded  locality  is  decidable  for  arbitrary  rule  sets, 
it  is  not  known  whether  (unbounded)  locality  is  decidable.  Another  open 
question  regards  inference  relations  rather  than  rule  sets.  An  inference  rela¬ 
tion  will  be  called  local  if  it  is  generated  by  some  local  rule  set.  It  is  possible 
for  a  rule  set  R  to  be  non-local  and  yet  the  relation  Hr  is  generated  by  some 
other  rule  set  R'  where  R1  is  local  —  so  the  relation  Hr  can  be  local  even 
though  R  is  not.  Given  a  rule  set  R  can  one  determine  if  the  relation  Hr 
is  local?  We  will  say  that  a  relation  is  &-bounded-local  if  it  is  generated  by 
some  fc-bounded-local  rule  set.  Can  one  determine  if  Hr  is  fc-bounded-local? 

It  seems  likely  that  the  definition  of  locality  can  be  improved.  Consider 
the  “natural”  rule  set  N  given  above.  This  rule  set  is  not  local  but  a  trivial 
syntactic  transformation  yields  an  essentially  equivalent,  but  bounded- local, 
rule  set  N'.  In  general,  replacing  formulas  of  the  form  {P  s  t)  by  formulas 
of  the  form  ((P  s)  f),  i.e.,  Currying  the  predicate  P,  can  transform  a  local 
rule  set  into  one  that  is  not  local.  The  fact  that  locality  is  sensitive  to 
such  trivial  syntactic  changes  suggests  that  a  more  robust  notion  of  locality 
is  possible.  Ideally,  a  definition  of  locality  should  have  the  property  that 
locality  of  an  arbitrary  rule  set  is  decidable,  locality  of  a  rule  set  guarantees 
that  the  generated  inference  relation  is  polynomial  time  decidable,  and  the 
class  of  local  relations  is  closed  under  certain  simple  syntactic  transformations 
such  as  Currying. 
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An  improved  notion  of  locality  might  also  lead  to  improvements  in  the 
refined  tractability  lemma.  Ideally,  one  should  be  able  to  mechanically  recog¬ 
nize  that  the  Boolean  inference  relation  is  linear  time  decidable  rather  than 
quadratic  as  the  tractability  lemma  would  indicate.  Similarly,  the  single  rule 
of  transitivity  generates  a  relation  that  is  decidable  in  linear  time,  rather 
than  cubic.  In  both  of  these  examples  the  more  efficient  algorithm  can  be 
viewed  as  a  tighter  restriction  on  forward  chaining  inference.  Automatic 
construction  of  a  fast  congruence  closure  algorithm  is  perhaps  too  much  to 
expect  —  fast  congruence  closure  is  not  simply  a  matter  of  tightening  the 
restriction  on  forward  chaining  inference.  However,  it  may  be  reasonable  to 
invoke  special  case  mechanisms  for  rule  sets  that  include  the  equality  rules 
as  a  subset.  Hopefully,  the  framework  presented  in  this  paper  is  only  a  first 
step  toward  a  more  powerful,  and  more  general,  theory  of  tractable  inference 
relations. 
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APPENDIX:  The  Lifting  Lemma 
The  lifting  lemma  can  be  stated  as  follows. 


Lifting  Lemma:  Let  I?  be  a  finite  rule  set  and  let  T  be  a  finite  template  set 
such  that  T  covers  all  extension  events  for  R  of  rank  j  or  less.  It  is  possible 
to  compute  a  finite  template  set  R[T)  that  covers  all  events  of  rank  j  +  1  or 
less. 

The  template  set  R(T)  can  be  constructed  from  R  and  T  as  follows. 

Definition:  Let  R  be  a  set  of  inference  rules  and  let  T  be  a  set  of  event 
templates  such  that  any  individual  metavariable  appears  in  at  most  one  rule 
or  template  (the  rules  and  templates  have  all  been  resolved  apart).  We 
define  R{T)  to  be  the  set  of  event  templates  that  can  be  generated  non- 
deterministically  by  the  following  procedure. 

1.  Let 

9i 

e™ 

<& 

be  a  rule  in  R  and  let  <0^,  Ei,  Tx>  . . .  <a„,  E„,  T„>  be  tem¬ 

plates  in  T  such  that  there  exists  a  metavariable  substitution  p  such 
that  p(0i)  =  p{^i)  for  1  <  i  <  n  and  p(aj)  =  p{aj)  for  1  <  i  <  j  <  n. 

2.  Let  p  be  the  most  general  substitution  satisfying  the  above  conditions. 

3.  Let  a  be  the  expression  p(a,-)  for  any  a,-. 

4.  Let  {sj . . .  a*}  be  the  set  of  all  top  level  proper  subexpressions  of  p($), 
i.e.,  proper  subexpressions  of  p($)  that  are  not  proper  subexpressions 
of  any  (larger)  proper  subexpression  of  p($). 

5.  Let  {u j . . .  um}  and  {tyj . . .  w?)  be  disjoint  sets  whose  union  is  {sj . . .  s*} 
and  such  that  there  exists  a  substitution  p'  such  that  />'(u,-)  =  p'{cx)  for 
1  <  i  <  m. 


6.  Let  p'  be  the  most  general  substitution  satisfying  the  above  conditions 
for  the  selected  expressions  ui . . .  um. 

7.  Let  a1  be  p'(a). 

8.  Let  $'  be  />'(/>($)). 

9.  Let  S'  be  //(p(US«n(S.-)))- 

10.  Let  T'  be  the  least  subexpression  closed  set  containing  all  of  the  fol¬ 

lowing: 

(a)  All  closed  (variable-free)  proper  subexpressions  of  formulas  that 
appear  in  the  rule  set  R. 

(b)  All  proper  subexpressions  of  S' 

(c)  All  sets  of  the  form  /)'(/?(T,))  for  1  <  i  <  n 

(d)  All  proper  subexpressions  of  c*'. 

(e)  The  expressions  p'{w\) . . .  p'(wp). 

11.  If  a'  is  not  a  member  of  T'  then  output  <a',  $',  S',  T'>. 


Lemma:  If  T  is  a  set  of  event  templates  for  R  then  R(T)  is  also  a  set  of 
event  templates  for  R  and  if  all  templates  in  T  have  rank  j  or  less  then  all 
templates  in  R(T)  have  rank  j  +  1  or  less. 

Proof:  Let  <a\  $',  S',  T'>  be  some  tuple  in  R(T).  An  event  template  is 
just  an  event  (which  may  contain  metavariables)  so  we  have  to  show  that 
this  tuple  satisfies  all  of  the  conditions  for  being  an  extension  event  for  R. 
Step  10  ensures  that  T'  is  subexpression  closed  and  steps  10a  and  10b  ensure 
that  T'  contains  Q, (R,  S').  Step  lOd,  and  the  condition  in  step  11  that  a'  not 
be  in  T',  ensure  that  a'  is  a  one  step  extension  of  T'.  Steps  3,  4,  5,  6,  and 
lOe  ensure  that  every  immediate  subexpression  of  $'  is  either  a  member  of 
T'  or  is  equal  to  a'.  This  guarantees  that  $'  is  a  label  formula  of  T'  U  a'. 

We  must  also  show  that  the  formula  $>'  is  a  member  of  C%  ’ji+1(S',  T').  Let 
<ati,9i,  Si,Ti> . . .  <a„,  S„,  Tn>  be  the  templates  in  T  selected  at  step 

1  of  the  procedure.  Let  p"  be  the  substitution  that  maps  every  expression  e  to 
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p'(p(e))  where  p  and  p'  are  the  substitutions  constructed  in  steps  2  and  6  re¬ 
spectively.  The  construction  of  the  substitution  p'  ensures  that  is  derivable 
from  p"{} Pi) . . .  p"(^n)  via  a  single  inference  rule.  For  each  we  have  that 
is  a  member  of  T,).  Now  we  show  that  />"(Cr(E;,  T,))  is  a  subset 

of  Cr(E',  T').  Let  0  be  any  formula  in  Cr(E,-,  T,)  we  must  show  that  p"(Q) 
is  a  member  of  Cr(E',  Y').  Let  D  be  a  derivation  of  0  from  Et-  such  that  ev¬ 
ery  formula  in  D  is  a  label  formula  of  T,-.  p"(D)  is  a  derivation  of  />"(©)  from 
p"(E).  Furthermore,  since  every  proper  subexpression  of  every  formula  in  D 
is  a  member  of  T,-,  every  proper  subexpression  of  every  formula  in  p"{D)  is  a 
member  of  T'.  Thus  p"(Q)  is  a  member  of  Cr(E',  Y'),  and  rho"(CR(T,i,  T;)) 
is  a  subset  of  Cr(E',  Y').  Since  is  a  member  of  Cr’^E,-,  Y,),  there  ex¬ 
ists  a  depth  j  derivation  of  p/,(\fr,-)  from  Y,)).  Since  p"(Cr(E,-,  Y,) 

is  a  subset  of  Cr(E',  T'),  there  exists  a  depth  j  derivation  of  p'/('5l)  from 
Cr( E',  Y').  An  argument  similar  to  the  one  above  shows  that  every  formula 
in  this  derivation  is  a  label  formula  of  T'U  {a'}  and  thus  is  a  member 

of  Cr  ,J(E',  T').  But  is  derivable  in  one  step  from  p"{^l i) . . .  and 

thus  <&'  must  be  a  member  of  C%  J'+1(E',  Y')-  D 

Lemma:  If  T  is  a  set  of  templates  that  covers  all  events  with  rank  j  or  less, 
then  R(T)  covers  all  events  of  rank  j  +  1. 

Proof:  Let  £"  be  an  extension  event  <a",  E",  T">  of  rank  j  - f  1  (the  use 
of  double  primes  allows  the  names  used  in  this  proof  to  agree  with  the  names 
used  in  the  above  procedure).  By  definition,  is  a  member  of  C'rj+1  (E,Y) 
but  not  a  member  of  CrJ(E,T).  This  implies  that  there  exist  formulas 
ty" ...  ^"  in  Cr  *j(E//,  Y")  and  an  inference  rule  r  of  the  form 


0i 

0„ 


in  R  that  allows  to  be  derived  from  ^ "  . . .  by  applying  a  substitution  a 
to  the  inference  rule.  We  have  that  tr(0,)  =  $•'  and  cr($)  =  Let  £". . .  £" 
be  the  extension  events  <£*",  'P",  E",  Y">  . . .  <or",  E",  T">  respectively. 
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Each  event  £'(  has  rank  j  or  less  and  thus  each  £'{  is  covered  by  some  tem¬ 
plate  in  T.  Let  £\ . . .  £„  be  templates  <ai,  Ei,  Ti>  . . .  <On,  \Pn,  E„,  Tn> 
that  cover  events  £'[ . . .  £"  via  substitutions  p\ ...  p„  respectively.  We  have 
assumed  that  no  metavariable  appears  in  more  than  one  of  r,  £x  ...  £n. 
Therefore  we  can  define  a  substitution  r  such  that  for  any  metavariable  x, 
if  x  appears  in  r  then  r(x)  equals  cr(x);  if  x  appears  in  £;  then  r(x)  equals 
Pi{x );  otherwise  r(x)  equals  x.  We  now  have 

T(0.)  =  <7(00  = 

r(«0  =  turn  = 
r(a<)  =  />,(<*<)  =  »"• 

Thus  we  have  that  r(0t)  =  r(^,)  for  1  <  i  <  n  and  r(ari)  =  r(aj)  for 
1  <  *  <  j  <  n.  So  the  substitution  r  satisfies  all  of  the  conditions  given  in 
step  1  of  the  procedure.  Let  p  be  the  most  general  substitution  satisfying 
these  conditions,  as  constructed  at  step  2  of  the  procedure. 

The  substitution  p  is  at  least  as  general  as  t.  This  implies  that  the 
substitution  r  can  be  written  as  p  followed  by  another  substitution  r',  i.e., 
for  any  expression  e  we  have  that  f(e)  equals  r'(p{e)).  Let  a  be  p(oti)  as 
defined  in  step  3  of  the  procedure.  Since  r'(p(a0)  equals  r(a,)  which  equals 
a",  we  have  that  t'(q)  equals  a".  The  expression  r'(p($))  equals  r($)  which 
equals  Thus  t/(^($))  is  a  label  formula  of  T"  U  {a"}-  This  implies 
that,  for  each  immediate  subexpression  s  of  p($),  we  have  that  r'(s)  either 
equals  a"  or  is  a  member  of  T".  Let  ui . . .  u*  be  the  set  of  all  immediate 
subexpression  u  of  p($)  such  that  t'(u)  equals  a".  Let  wx...wv  be  the 
set  of  immediate  subexpressions  w  of  /?($)  such  that  t'(w )  is  a  member  of 
T".  Note  that  for  each  we  have  that  r'(uj)  equals  a"  which  equals  r'(a). 
Thus  t'  is  a  substitution  that  satisfies  the  requirement  of  step  5.  Let  p'  be 
the  substitution  defined  in  step  6  of  the  procedure,  i.e.,  the  most  general 
substitution  such  that  p'{ui)  =  p'(a)  for  1  <  i  <  m. 

The  substitution,  p1  at  least  as  general  as  r'.  As  before,  this  implies  that 
r#  can  be  written  as  p’  followed  by  another  substitution  r",  i.e.,  for  any  ex¬ 
pression  e,  r'(e)  equals  r"(p'(e)).  We  now  have  that  for  any  expression  e,  r(e) 
equals  T"(p'(p(u)).  Let  a',  E',  and  T'  be  defined  as  in  steps  7,  8,  9,  and  10 

of  the  procedure,  and  let  £'  be  the  tuple  <ot,  E',  T'>.  We  will  now  show 
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1 1 


that  S'  is  an  event  template  that  covers  the  original  event  <a" ,  £",  T"> 

via  the  substitution  r".  We  have  that  equals  r"(p'(a))  which  equals 

a".  Similarly,  equals  Furthermore,  a  case  analysis  on  steps  10a 

through  lOd  can  be  used  to  show  that  r/,(T/)  is  a  subset  of  T".  This  implies 
that  a'  is  not  a  member  of  T',  otherwise  we  would  have  that  r"(a')  is  a  mem¬ 
ber  of  r"(T')  and  so  a"  would  be  a  member  of  Y"  which  violates  the  original 
condition  that  a"  be  a  one- step  extension  of  Tw.  Since  a'  is  not  a  member 
of  T'  the  tuple  S'  is  output  by  the  procedure  and  thus  is  a  member  of  R(T). 
By  the  above  lemma,  S'  is  an  event  template.  Finally,  we  must  show  that 
r"(£')  is  a  subset  of  Cfl(£",T").  The  set  r"(£')  equals  Ui<<<n  r"(p'M£.))) 
which  equals  Ui<«<n  T(S,)-  But  by  assumption,  which  equals  p,(E,), 

is  a  subset  of  Cn(T,",  T").  □ 
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